By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Enforce read-only access on EFS to pod

0

Hello, I have two k8s pods accessing the same EFS. One pod writes in the filesystem and the other reads from it. How can I limit the access of the 2nd pod to readonly?

Topics
StorageContainersSecurity, Identity, & Compliance
Tags
Amazon Elastic File SystemAmazon Elastic Kubernetes ServiceIAM Policies
Language
English
Mehdi
asked a year ago404 views
1 Answer
0

Hi

Two ways you can do it

  1. PVC with ReadOnly Access Mode: Create a separate PVC with accessModes: ["ReadOnly"] for the read-only pod.

https://aws.amazon.com/blogs/storage/persistent-storage-for-kubernetes/ Or 2. Pod Security Policies (PSPs):Enforce Read-Only Mounts: Create a PSP that restricts pods to read-only volume mounts. Annotate Read-Only Pods: Annotate pods requiring read-only access with a designated key-value pair.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

profile picture
EXPERT
Ganesh Kudikala
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content